Closed rklec closed 4 weeks ago
https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html#safe-net-example currently suggests https://www.nuget.org/packages/LinqToLdap/ for C#. While this sounds good, it currently is not up-to-date with a good .NET base version, so cannot be used in many modern projects for now. Also, obviously, an outdated library is possibly not a good suggestion.
Best case would be to help upgrade the lib as in https://github.com/madhatter22/LinqToLdap/issues/31
For now, however, maybe a note like "(for .NET Framework 4.5 or lower)" could be added, possibly linking to the issue for maintenance/upgrade, to shed light on the problem.
This is great information. Do you have time to cut a PR?